Iran dismisses threat of Narilam malware

The firm’s official blog warned organisations about the potential “chaos” brought by the data-sabotaging ‘W32.Narilam’ malware, and posted a map identifying Iran as the main victim of the threat. The worm is said to copy itself onto infected machines, add registry keys, and spread through removable drives and network shares. Symantec likened it to the devastating Stuxnet and Flame viruses which ravaged networks across the Middle East – most notably in Iran.

But the Islamic Republic’s cyber emergency response team, the Maher centre, has since issued a statement which claims Symantec’s report “shows some misunderstanding”.

“The malware called "narilam" by Symantec was an old malware, previously detected and reported online in 2010 by some other names. This malware has no sign of a major threat, nor a sophisticated piece of computer malware,” the announcement reads.

The Maher centre goes on to claim the threat is not widespread and can only corrupt the databases of certain products made by a particular Iranian software company. The group believes it has been launched in a bid to harm the company’s reputation, while the “simple” malware is apparently “not a threat for general users and need[s] no special care.”